Tri-City Medical Center in Oceanside, California, has experienced a major cybersecurity crisis. This incident has led to an “internal disaster” declaration and has caused ambulance traffic to be diverted to other healthcare facilities. According to The San Diego Union-Tribune, the hospital is currently dealing with the aftermath of a cyber attack, prompting the implementation of urgent measures to contain the damage and protect patient records.
Hospital management has officially confirmed the situation, stating that the emergency department is still operational for cases arriving in private vehicles. The medical center is working closely with other health system partners to ensure uninterrupted healthcare services for the community.
While the specific nature of the cyber attack has not been revealed, the medical center has described it as a “cybersecurity challenge” that is similar to other incidents affecting healthcare providers nationwide. Although ransomware is suspected to be involved, this has not been officially confirmed Tri-City management. The hospital’s chief strategy officer and spokesperson, Aaron Byzak, has announced that a forensic analysis is underway, with additional information to be shared once available.
Tri-City Medical Center, an independent medical provider serving the Oceanside, Carlsbad, and Vista area since 1961, is undergoing this cyber attack during a critical period. The hospital is currently in the process of finalizing a joint powers agreement with UC San Diego Health to manage its operations.
The growing threat of cybersecurity challenges faced healthcare entities has been highlighted the U.S. Office of Information Security, reporting a doubling of data breaches over the past three years. Ransomware, in particular, has become a significant concern, with the average ransom demand increasing 45% from 2020 to 2021, reaching a peak of $247,000.
Additionally, a study conducted between 2016 and 2021 found that 374 ransomware attacks targeted healthcare delivery organizations, compromising the personal health information of over 42 million Americans. Brett Callow, a threat analyst at Emisoft, warns of the recurring scenario in hospital cyber attacks and the potential repercussions for patient care and financial and operational aspects.
Healthcare providers in San Diego County have previously dealt with significant cyber threats. In 2021, Scripps Health incurred a ransomware attack that resulted in the disruption of access to electronic health records and an estimated $113 million in lost revenue. Similarly, UC San Diego Health experienced a data breach that exposed protected information, although it did not affect day-to-day operations.